Forthcoming OpenSSL Releases – Critical Issue in OpenSSL 3 (openssl.org)
61 points by TimWolla on Oct 25, 2022 | 6 comments


This seems to affect only OpenSSL 3.x.x

Most distros have never bothered to upgrade to major version 3 - possibly because it broke ABI backwards compatibility - so despite the critical severity the impact might not be as widespread as it could have been?


OpenSSL 3 is in Ubuntu 22.04 LTS [1]. I expect that alone to be bad enough.

[1] https://discourse.ubuntu.com/t/jammy-jellyfish-release-notes...


It is in Fedora and Debian testing, but not stable. It made it into Red Hat 9, but none of the earlier ones or CentOS.

Source:

https://distrowatch.com/

Oddly, they say it is in OpenBSD. I thought they moved off OpenSSL years ago. (It might be good to take the other things I said with a grain of salt.)


OpenBSD uses LibreSSL in base, but they provide OpenSSL ports/packages, including for OpenSSL 3: https://openports.se/security/openssl/3.0

I don't know if any other ports use it; they try to make them work with LibreSSL, but maybe a few ports use OpenSSL 3.


RCE and unprivileged access to memory? (to dump keys and the like)

seems fun


No cute name / logo for this one?



